Search for: All records

Payment channel networks are a promising solution to the scalability challenge of blockchains and are designed for significantly increased transaction throughput compared to the layer one blockchain. Since payment channel networks are essentially decentralized peerto- peer networks, routing transactions is a fundamental challenge. Payment channel networks have some unique security and privacy requirements that make pathfinding challenging, for instance, network topology is not publicly known, and sender/receiver privacy should be preserved, in addition to providing atomicity guarantees for payments. In this paper, we present an efficient privacypreserving routing protocol, SPRITE, for payment channel networks that supports concurrent transactions. By finding paths offline and processing transactions online, SPRITE can process transactions in just two rounds, which is more efficient compared to prior work. We evaluate SPRITE’s performance using Lightning Network data and prove its security using the Universal Composability framework. In contrast to the current cutting-edge methods that achieve rapid transactions, our approach significantly reduces the message complexity of the system by 3 orders of magnitude while maintaining similar latencies. 

New breed of applications, such as autonomous driving and their need for computation-aided quick decision making has motivated the delegation of compute-intensive services (e.g., video analytic) to the more powerful surrogate machines at the network edge–edge computing (EC). Recently, the notion of pervasive edge computing (PEC) has emerged, in which users’ devices can join the pool of the computing resources that perform edge computing. Inclusion of users’ devices increases the computing capability at the edge (adding to the infrastructure servers), but in comparison to the conventional edge ecosystems, it also introduces new challenges, such as service orchestration (i.e., service placement, discovery, and migration). We propose uDiscover, a novel user-driven service discovery and utilization framework for the PEC ecosystem. In designing uDiscover, we considered the Named-Data Networking architecture for balancing users workloads and reducing user-perceived latency. We propose proactive and reactive service discovery approaches and assess their performance in PEC and infrastructure-only ecosystems. Our simulation results show that (i) the PEC ecosystem reduces the user-perceived delays by up to 70%, and (ii) uDiscover selects the most suitable server–"accurate" delay estimates with less than 10% error–to execute any given task. 

With the proliferation of smart and connected mobile, wireless devices at the edge, Distributed Denial of Service (DDoS) attacks are increasing. Weak security, improper commissioning, and the fast, non-standardized growth of the IoT industry are the major contributors to the recent DDoS attacks, e.g., Mirai Botnet attack on Dyn and Memcached attack on GitHub. Similar to UDP/TCP flooding (common DDoS attack vector), request flooding attack is the primary DDoS vulnerability in the Named-Data Networking (NDN) architecture.In this paper, we propose PERSIA, a distributed request flooding prevention and mitigation framework for NDN-enabled ISPs, to ward-off attacks at the edge. PERSIA's edge-centric attack prevention mechanism eliminates the possibility of successful attacks from malicious end hosts. In the presence of compromised infrastructure (routers), PERSIA dynamically deploys an in-network mitigation strategy to minimize the attack's magnitude. Our experimentation demonstrates PERSIA's resiliency and effectiveness in preventing and mitigating DDoS attacks while maintaining legitimate users' quality of experience (> 99.92% successful packet delivery rate). 

The smart grid is equipped with bi-directional information flow between its devices, aiming at automation, improved stability, resilience, and robust security. However, enabling effective and reliable communication in a smart grid is a challenging task. The majority of the proposed networking architectures fall short in addressing the key aspects of smart grid communication, including device heterogeneity, protocols and standards interoperability, and particularly application qualityof-service (QoS) requirements. In this paper, we propose iCAAP, an information-centric, QoSaware network architecture that aims to satisfy the low latency, high bandwidth, and high reliability requirements of smart grid communications. In iCAAP, we categorize smart grid traffic (emanating from diverse applications) into three priority classes to enable preferential treatment of traffic flows. Our simulation results demonstrate the higher scalability of iCAAP in satisfying the stringent requirements of high priority traffic compared to the state-of-the-art. 

The smart grid is equipped with bi-directional information flow between its devices, aiming at automation, improved stability, resilience, and robust security. However, enabling effective and reliable communication in a smart grid is a challenging task. The majority of the proposed networking architectures fall short in addressing the key aspects of smart grid communication, including device heterogeneity, protocols and standards interoperability, and particularly application quality- of-service (QoS) requirements. In this paper, we propose iCAAP, an information-centric, QoS-aware network architecture that aims to satisfy the low latency, high bandwidth, and high reliability requirements of smart grid communications. In iCAAP, we categorize smart grid traffic (emanating from diverse applications) into three priority classes to enable preferential treatment of traffic flows. Our simulation results demonstrate the higher scalability of iCAAP in satisfying the stringent requirements of high priority traffic compared to the state-of-the-art. 

The Named Data Networking architecture mandates cryptographic signatures of packets at the network layer. Traditional RSA and ECDSA public key signatures require obtaining signer's NDN certificate (and, if needed, the next-level certificates of the trust chain) to validate the signatures. This potentially creates two problems. First, the communication channels must be active in order to retrieve the certificates, which is not always the case in disruptive and ad hoc environments. Second, the certificate identifies the individual producer and thus producer anonymity cannot be guaranteed if necessary. In this paper, we present NDN-ABS, an alternative NDN signatures design based on the attribute-based signatures, to addresses both these problems. With NDN-ABS, data packets can be verified without the need for any network retrieval (provided the trust anchor is pre-configured) and attributes can be designed to only identify application-defined high-level producer anonymity sets, thus ensuring individual producer's anonymity. The paper uses an illustrative smart-campus environment to define and evaluate the design and highlight how the NDN trust schema can manage the validity of NDN-ABS signatures. The paper also discusses performance limitations of ABS and potential ways they can be overcome in a production environment.